Cold War encryption laws stand, but not as firmly

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1028_3-5092154.html

By Declan McCullagh 
Staff Writer
CNET News.com
October 15, 2003

A pioneering attempt to overturn the U.S. government's Cold War-era
laws restricting the publication of some forms of encryption code
ended quietly Wednesday when a federal judge dismissed the
lawsuit--but only after assurances that the anticrypto laws would not
be enforced.

U.S. District Judge Marilyn Hall Patel in San Francisco threw out the
case after the Bush administration said it would no longer try to
enforce portions of the regulations, according to parties involved in
the proceedings.

Daniel Bernstein, an iconoclastic math professor at the University of
Illinois at Chicago, filed suit in 1995 after spending three years
wrangling with the federal government over whether a simple encryption
program could be freely distributed on the Internet. U.S. law at the
time deemed online publication an "export" that could be punished with
severe prison terms.

"I hope the government sticks to its promises and leaves me alone--but
if they change their mind and start harassing Internet-security
researchers, I'll be back," Bernstein said in an e-mail statement.  
Bernstein, author of the widely used qmail mail utility, did not
respond to an interview request.

Bernstein's case, and two other similar attempts, have been credited
with forcing the federal government to drastically scale back its
attempts to regulate the kind of privacy-protecting encryption
technology used in every Web browser and many e-mail readers. At one
point such encryption was regulated by the State Department and
treated as a "munition" like tanks and fighter jets, but the Clinton
administration responded to the lawsuits by relaxing the rules and
transferring responsibility to the Commerce Department.

At a hearing in October 2002, Justice Department attorney Tony
Coppolino effectively placed even the latest rules on hold, saying the
government would not use them to prosecute cryptographers engaged in
legitimate research.

That admission from the Justice Department was enough for Patel to
dismiss the case, saying that Bernstein could come back to court if
there was a serious threat of the laws being enforced.

Bernstein's lawyers, with attorneys from the Electronic Frontier
Foundation among them, complained that the encryption regulations had
been repeatedly changed to derail Bernstein's case, which claimed the
rules violated the First Amendment's guarantee of free expression. In
a separate case, the 6th Circuit Court of Appeals had said: "Because
computer source code is an expressive means for the exchange of
information and ideas about computer programming, we hold that it is
protected by the First Amendment."

A January 2000 letter from Bernstein's lawyers to the government said
that the rules unconstitutionally required researchers to divulge
their work to the government. "The requirement that Professor
Bernstein and others simultaneously notify both (the Commerce
Department) and (the National Security Agency) at the time of
electronic publication of source code, when no such notification is
required for publication or communication of such code on paper, is
another Constitutional problem," the letter said, citing regulations
that will no longer be enforced.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.